2012/11/19 linbloke <linbloke@xxxxxxxxxxx>:
> > > Perhaps your log daemon is squashing duplicate entries?
>

To be honest, I don't care much about log messages, I do care about rule counters :)
The thing that scares me is my misunderstanding of "what is going on?"

But I found when counters get incremented. Bulmer test with nc hinted me to play a bit with tcp packet payload.

First run:

    echo -n "GET /index.php HTTP/1.1\r\nHost: www.gentoo.org\r\n\r\n" | nc 89.16.167.134 80

gives no counters change. I get the page, but counters are still unchanged. Okay...

Doing a request like:

    echo -n "GET BUBA-BUBA /index.php HTTP/1.1\r\nHost: www.gentoo.org\r\n\r\n" | nc 89.16.167.134 80

I get "400 Bad request" and counters are still unchanged. Okay....

!!! BUT !!!! if I do something like

    echo -n "GET BUBA-BUBA-BUBA-BUBAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa /index.php HTTP/1.1\r\nHost: www.gentoo.org\r\n\r\n" | nc 89.16.167.134 80

I get the same "400 Bad request", BUT now counters got incremented.

Seems like the module starts matching from the wrong position, thus even --from 0 (omitting --from 0 for default does not change the result) simply does not work.

Ehm...